From 5a4eb6aa275e4c1b80e1e125a7901903e35219f2 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 12 Dec 2012 14:09:19 +0100 Subject: [PATCH] avfilter_get_video_buffer_ref_from_frame: check channel count more than 8 channels is not supported and crashes with null pointer dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavfilter/avcodec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavfilter/avcodec.c b/libavfilter/avcodec.c index 688f1b397a..705cf80ca5 100644 --- a/libavfilter/avcodec.c +++ b/libavfilter/avcodec.c @@ -92,8 +92,12 @@ AVFilterBufferRef *avfilter_get_video_buffer_ref_from_frame(const AVFrame *frame AVFilterBufferRef *avfilter_get_audio_buffer_ref_from_frame(const AVFrame *frame, int perms) { - AVFilterBufferRef *samplesref = - avfilter_get_audio_buffer_ref_from_arrays((uint8_t **)frame->data, frame->linesize[0], perms, + AVFilterBufferRef *samplesref; + + if(av_frame_get_channels(frame) > 8) // libavfilter does not suport more than 8 channels FIXME, remove once libavfilter is fixed + return NULL; + + samplesref = avfilter_get_audio_buffer_ref_from_arrays((uint8_t **)frame->data, frame->linesize[0], perms, frame->nb_samples, frame->format, av_frame_get_channel_layout(frame)); if (!samplesref)